<?php
$link = mysql_connect('localhost','cs4350','!@'); 
if (!$link) { 
    die('Could not connect to MySQL: ' . mysql_error()); 
}
else {
    echo 'You are connected to the cs4350 database server!</br>';
}
if (!mysql_select_db( 'todo', $link)) {
    die('Aw snap, no database named todo...');
}
else {
    echo 'You are now using the todo database!</br>';
}
$username = $_POST["user"];
$password = md5($_POST["pass"]);
//die ($password);
$sql = 'SELECT * FROM users WHERE user="'.$username.'" AND pass="'.$password.'"';
// die($sql);
$result = mysql_query($sql, $link);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
else {
    // print_r($result);
    // var_dump($result);
    $row = mysql_fetch_array($result);
    if($row === FALSE) {
        header('location:failed.html');
    }
    else {
        //echo '</br>Welcome, '.$row[0].'!';
		echo '<head>';
		echo '<script>';
		echo 'window.onload = function(){';
		echo 'sessionStorage.setItem(\'user\', "' . $username . '");';
		echo 'var login = sessionStorage.getItem("user");';
		//echo 'alert(login);';
		echo 'window.location = "/home/home.php?user='.$username . '";';
		echo '}';
		echo '</script>';
		echo '</head>';
		//die ($username);
		//header('location:home.php?user='.$username);
		//die();
    }
    mysql_free_result($result);
}
?>